Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. Lawsuit filed in 2012, last update early 2015 on Crazy Patent Troll Suing Devs For Posting Apps To Google Play (technobuffalo.com) · · Score: 2

    > According to Wikipedia, Judge Davis retired from the eastern district of Texas a year ago. Why is he still hearing cases?

    The suit was originally filed in 2012. The last motion I found was early 2015. So most of this case occurred prior to Judge Davis leaving the bench.

  2. Re:Engaged, got input, a few minor fixes, no fuck on Nest's Time At Alphabet: A 'Virtually Unlimited Budget' With No Results (arstechnica.com) · · Score: 1

    I can understand that reading. The context of the statement is that my entire post was about if I had confidence that any candidate wouldn't do much, I'd not only vote for them, but volunteer for their campaign.

    Bush Jr and Obama did more "stuff" than Bush Sr and Bill Clinton did. Bush Sr had the highest approval rating, followed by Bill, followed by Bush Jr, with Obama last. The two more "active" presidents have much lower approval ratings than the two who left people alone, who didn't go mucking with things,.

  3. Well under a millisecond. Ntp handles false ticker on FAA Warns of GPS Outages This Month During Mysterious Tests On the West Coast (gizmodo.com) · · Score: 1

    If they skew the time enough to have GPS report a location a mile away from actual location, or even 100 miles away, the time will still be within a millisecond of being correct. Given network delays, few computers need the TOD more accurate than a millisecond. Also, ntpd won't jump a full millisecond all the sudden, it will slowly move closer to the reported time. So all in all I'm guesstimating the time may be off be 10-100 nanoseconds.

    If they skew it by a lot, ntpd will detect it as a "false ticker" and ignore that clock. Typically important ntp servers peer with a few others.

  4. > I don't think many senators make complicated bills on their own

    The average senator (including first-year freshmen) sponsors three per year, Clinton took eight years to do what the average senator does in one.

  5. Many sponsors start a bill, co-sponsors sign later on Nest's Time At Alphabet: A 'Virtually Unlimited Budget' With No Results (arstechnica.com) · · Score: 1

    > I don't think many senators make complicated bills on their own, many collaborate and is the best way to get your bill passed.

    That's not quite what "sponsor" and "co-sponsor" mean in the Senate. Every Senator who signs the bills at initial introduction is listed as "sponsor". Someone who signs on a week or a month later, often after it's clear that the bill won't pass (or that it will), is listed as a co-sponsor. So sponsor is someone who that it should be introduced, a co-sponsor is someone who decided they agreed with it later. If science were the Senate, I would co-sponsor Einstein's work.

  6. Experience with millions: trim spaces, warn caploc on Password Autocorrect Without Compromising Security (threatpost.com) · · Score: 4, Interesting

    I spent 15 years developing a log in and security system used by about 80,000 web sites, and have had the opportunity to analyze millions of log in attempts. Based on that experience, heres what I do. People copy-paste user names and passwords and when they do, they get extraneous spaces at the beginning and end. So we trim spaces from the beginning and end (not the middle).

    Some people use caps lock when they set their password, but most don't, so we show a big warning message if caps lock is on. Later, gdm (the Linux log in) started doing the same.

  7. Hit submit too soon on Ask Slashdot: How Do You Create A Highly-Secure Password? (securitymagazine.com) · · Score: 1

    I accidentally hit submit too soon.

    Over half of password-protected sites are porn sites.
    Over 90% of password-protected porn sites use one of three billing companies.
    Those three billing companies provide the sites with password scripts that use DES.
    DES is also the default for htpasswd.
    Therefore, more passwords are hashed with DES than any other algorithm.

  8. Adding one more important point on Ask Slashdot: How Do You Create A Highly-Secure Password? (securitymagazine.com) · · Score: 1

    That's all pretty good analysis. Let me throw in one more piece. You don't know what kind of hashing the site uses. Very sadly, the most common is the old-fashioned DES-based which ignores everything past the first eight characters*. Therefore the first eight characters should be as strong as you can make them.

    That may seem surprising. Here are a few facts that partially explain it:
    Most password protected sites are

  9. Let's do be honest. Her 3 sponsored laws on Nest's Time At Alphabet: A 'Virtually Unlimited Budget' With No Results (arstechnica.com) · · Score: 1

    Let's do be honest. Here are the three laws she sponsored, according to congress.gov:

    https://www.congress.gov/membe..."bill-status"%3A"law"%2C"sponsorship"%3A"sponsored"%7D

    As you pointed out, there were also bills that were sponsored by another senator which she later signed on as co-sponsor.

  10. 87% lower than average, 99% failure rate on Nest's Time At Alphabet: A 'Virtually Unlimited Budget' With No Results (arstechnica.com) · · Score: 1

    I may have missed a word in my post, thanks for pointing that out. As you quoted:

    Of the 363 bills, three became law: (list of the 3 bills you named)"

    She sponsored 3 laws in 8 years, naming a post office, a road, and a historical site. Also as you pointed out, 99% of what she sponsored were dead ends.

    If all of our politicians spent 99% of their time on dead ends, maybe they wouldn't be screwing things up so much.

  11. Re:Engaged, got input, a few minor fixes, no fuck on Nest's Time At Alphabet: A 'Virtually Unlimited Budget' With No Results (arstechnica.com) · · Score: 1

    A) Where did I criticise Hillary? I said she's considered one of the best senators, enough that she's likely to be elected president. I listed all of the bills that she sponsored as a senator. If you think her three bills aren't impressive, that's your own judgement.

    B) A hypocrite is someone who publicly espouses one thing, while privately believing the opposite.

  12. Depends on if they are yellow, blue, or black on Uber Denies Access To Harvard Startup That Compared Ride-Hailing Prices (boston.com) · · Score: 1

    > Taxis can be hailed as they are driving past

    That depends. In New York, for example, there are three types of licenses, yellow, blue, and black. Yellow and blue cabs must be painted the designated colors. Black CAN be any other color, but are typically painted black. Black cars must be arranged ahead of time. Blues should be called, but often unlawfully pick up hails.

  13. Engaged, got input, a few minor fixes, no fuck ups on Nest's Time At Alphabet: A 'Virtually Unlimited Budget' With No Results (arstechnica.com) · · Score: 4, Insightful

    They haven't fucked anything up. No beta, they didn't remove the "use classic" link from that horrid mobile site, haven't caused any problems. What they have done so far is engaged with the community, solicited input, and made small improvements that don't cause any new problems.

    If I thought any of the presidential candidates would do as well, I would have volunteered for their campaign. :)

    Come to think of it, MANY people consider Bill Clinton the best recent president. Why, what did he do? Mostly he spent his time dealing with sex scandals. He didn't muck up the growing economy that he inherited or do anything else too bad. His wife spent 8 years as a senator and is now likely to become president. Why, what did she do in her 8 years in the senate? She sponsored a total of three bills in her eight years:

    S. 3145: Name a road "Timothy J. Russert highway".

    S. 3613: Name a post office the "Major George Quamo Post Office Building."

    S. 1241: Designate a union building as a National Historic Site.

    That's it, in eight years as a senator. Apparently that's a great senator, one who should perhaps be president. By this measure, Whiplash should at least be vice president.

  14. Btw I did this for a living. Hashes improved on Ask Slashdot: How Do You Create A Highly-Secure Password? (securitymagazine.com) · · Score: 1

    I should say, for about fifteen years my job was developing software to thwart dictionary and brute force attacks. I've analyzed many millions of attempts and studied most of the tools attackers use. The point is, I'm not guessing what might work.

    > No one is sophisticated (bored?) enough to perform a dictionary attack against a passphrase that has been md5

    This can be a good idea if you take it a step further. As-is, there are of course far fewer MD5 hashes than there are passphrases of a given length, so this approach by itself is questionable. It may or may not work well vs a particular configuration of a particular tool. However ...

    We know that re-using passwords weakens security. Bad guys get a dump of user names and passwords from MySpace and try those same pairs on other sites. We also know that remembering 100 different passwords is impossible, and storing them is a risk. An alternative I've used is to CALCULATE unique passwords. Your password for slashdot.org is SHA1(correcthorse SLASHDOT.ORG batterystaple) . Your password for Facebook is sha1(correcthorse FACEBOOK.COM batterystaple). In that way, crackers can't use your slashdot password to log in to your email, but you only have to remember one thing. By using a strong hash (not md5) neither hash can be reversed to reveal your passphrase.

    * The above is a basic description. There are minor tweaks which enhance the security, such as:
    sha1(SL correcthorsebatterystable ASHDOT.ORG)

  15. You're not listening, assuming a guess on Uber Denies Access To Harvard Startup That Compared Ride-Hailing Prices (boston.com) · · Score: 1

    You keep repeating what you first guessed the facts MIGHT be. You're not listening. Most taxi drivers are NOT employees. They are contractors. The company you call is a dispatch service. Drivers most often own the cars, except in New York where the $1 million medallion, and attached car, is most often owned by investors who lease it to the driver (not to the dispatch company).

    * In the very smallest cities the driver is often neither employee nor contractor, he is the whole company .

  16. Taxis are contractors on Uber Denies Access To Harvard Startup That Compared Ride-Hailing Prices (boston.com) · · Score: 1

    What's the difference between:

    a) A service that connects you to a driver, who is an independent contractor.

    b) A service that connects you to a driver, who is an independent contractor.

    Choice (a) is a taxi. Choice (b) is Uber. They do precisely the same thing, because Uber is a taxi company, plain and simple. The ONLY difference between Uber and most taxi companies is:

    a) A service that connects you to a driver, who is an independent contractor, and who is licensed by the city and sate as required by law.

    a) A service that connects you to a driver, who is an independent contractor , and who is operating illegally, without the required license, because the driver is either unable or unwilling to be licensed properly.

  17. The purpose of a browser. HTML isn't PDF on Why UK's Government Digital Service Decided To Ditch Apps (govinsider.asia) · · Score: 5, Informative

    > Browsers naturally layout the page to fit into the browser window. If you design the website properly, you don't need a bunch of JS to mess with the layout. There already is a layout engine, everyone please stop making your own slower ones.

    Exactly. This is the difference between PDF and HTML - the entire job of a browser is to render the page appropriately for the size of the window, the user's preferred font size, etc. 80% of what a web designer needs to do is simply don't set the width of anything. The browser knows how wide a word is. Then learn the CSS for what yiu actually want, frequently margin and padding. You add margin above something by setting the MARGIN, NOT by moving it down by 60 pixels. Try 1em margin as a starting point.

  18. W2 employees, food safety. Taxis are contractors on Uber Denies Access To Harvard Startup That Compared Ride-Hailing Prices (boston.com) · · Score: 2

    Two major differences in your scenario. McDonald's has W2 employees, your hypothetical has contractors. Taxi companies, including Uber, use contractors.

    Each McDonald's has a food safety permit, and in many states each employee does as well. If they used contractors, the contractors would by law be required to have a permit for commercial food preparation in all states. Much as traditional taxi drivers have the appropriate permits. Uber drivers of course do NOT have proper commercial driver's licenses, in 99% of cases.

    It's unfortunate that taxis, unlike food handlers, have developed a special relationship with politicians in many cities and ask their politicians to improperly restrict licensing. For some reason, the taxi, garbage, casino, and solar-electric industries have a lot of political graft and corruption. That's the real difference between taxis and fast food. Nail salons have a lot of Korean owners, convenience stores are popular with Indian entrepeneurs, and taxis are popular with crooked people who engage in political corruption.

  19. How's that old model working out? on ASUS Delivers Its Updates Over HTTP With No Verification (softpedia.com) · · Score: 1

    I am familiar with the old model, used by most large corporations. How well has that been working?

    I'm also familiar with what I've been DOING for the last 20 years, a model that is commonplace in certain sectors.

    > you won't get anyone that's not completely useless to sign on for that. ...
    > *I have no idea what your security expertise might be, but you clearly know jack about consulting.

    If you haven't been paying attention to Slashdot comments over the years, you can use Google to check out my credentials. You CAN then call me and discuss a project. No, I won't fly out to California to discuss my services; telephones were invented a long time ago, we can have a discussion that way. No, I won't come in for an interview. If you've been referred to me, you can trust that referral or not. No, I won't be paid six months from now, I take Visa, Mastercard, Amex and Paypal, or a retainer check ahead of time. Yes, I will give you my full attention for 45 minutes, think over your project this evening, and email my suggestions tomorrow, for $250.

  20. What do you call a taxi dispatcher with an app? on Uber Denies Access To Harvard Startup That Compared Ride-Hailing Prices (boston.com) · · Score: 2

    > competition when it's them against taxi companies

    Doesn't he mean "against other companies".
    A taxi company with an app is still a taxi company.

  21. Leet speak is not pattern recognition. Non-diction on Ask Slashdot: How Do You Create A Highly-Secure Password? (securitymagazine.com) · · Score: 3, Informative

    > Our ability to remember long passwords is limited without context or patterns.

    Certainly true.

    > A computer's ability to recognize patterns is however insanely difficult.

    "pOs5IbL3" is not pattern recognition, and it is used by common cracking tools. The rules are well known - 3 is interchangeable with E, 0 for O, and 5 for S. Bad guys do those substitutions.

    Mainly what it comes down to when choosing passwords is length. Add a few extra characters to the alphabet, using 0,3, and 5 as letters, is fine and all, but you get more bits of entropy by making your password a character or two longer.

    To create long passwords that one can remember, a sequence of words is good, but of course attackers have dictionaries. One option to improve it, therefore, is non-dictionary words like unjoyfully, runnableness, or happify (make happy). A sequence of such non-words can be easy to remember and hard to crack.

  22. Random is the DEFAULT (which may be silly) on DistroWatch Finally Adds Support For IPv6 (distrowatch.com) · · Score: 5, Informative

    Well, it's the default setting for the operating systems favored by those "less knowledgeable", so that pretty much covers that, doesn't it. Android (the world's most popular OS), Windows (your grandparents most popular OS), and iOS (hipsters most popular OS) all randomize the address by default.

    Whether or not that's a GOOD idea is certainly debateable, but it's what you wanted.

    So the less knowledgeable, people who don't even know what IPv6 is, get a randomized address. People even less knowledgeable than that make panicky, mis-informed posts on Slashdot about OMG I'll be tracked.

  23. 60 minutes with a security professional on ASUS Delivers Its Updates Over HTTP With No Verification (softpedia.com) · · Score: 5, Insightful

    They certainly have the resources to hire people who understand security, but most companies don't. Here's something you might not expect to hear from a security professional such as myself - most companies probably SHOULDN'T hire a security expert. So they don't.

    Why would I say perhaps they shouldn't hire someone like me? Because it doesn't take 40 hours a week for me to say "serve the update over TLS and sign the file". I could protect them from this level of stupid in 1 hour, the other 39 hours they don't really NEED a security expert.

    IMHO what most companies should probably do is invite a security professional to join a web conference or meeting for 30 minutes to an hour at an early stage of a new software project, as the requirements are being firmed up. At this stage I'd hear "download updates" and I'd speak up.

    Then invite your security pro back as the design as finalized, then once more just before release. In no more than three hours a security pro could avoid this type of egregious mistake, while also pointing out a couple of areas that affect reliability (which is also part of security).

    This could cost $1,000 per project or even less if you engage your securiry pro on a regular basis. So you get 80% of the benefit of having a security professional on staff, at less than half the cost.

  24. People did that in 2009 (and 2016), just as they used the deprecated "height" and "width" attributes. Those who did so were doing it wrong. Making a device-specific site was best practice only with wml. "Best viewed in Internet Explorer" or "best viewed on iPad" means you're doing it wrong.

  25. You should explain that to Tesla on Norway Agrees On Banning New Sales Of Gas-Powered Cars By 2025: Report (electrek.co) · · Score: 1, Insightful

    > Are you implying that electric cars don't do well in the cold? Because if you are, you're misinformed. Li Ion based batteries do poorly in heat, but the cold doesn't bother them anywhere near as much as the heat does. Also, Tesla basically has a cooling/heating system just for the batteries

    By installing a battery heater in their California model cars, is Tesla implying that li-ion batteries don't do well in the cold? If they are, they're misinformed - or you are.

    The chemists who make the batteries say that lithium-ion loses 40% of it's capacity at -4F and shouldn't be subjected to any lower temperature even when not being used.